A federal judge on Wednesday dismissed the firm's two lawsuits seeking to have the ban lifted. In her ruling, Judge Colleen Kollar-Kotelly says the government's action does not inflict punishment on Kaspersky Lab. "It eliminates a perceived risk to the nation's cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation," she writes.

In its lawsuits, Kaspersky Lab alleged that it has been denied due process - meaning fair treatment, including the right to see charges against it and have a hearing before an impartial judge - and that the company's reputation, as well as the reputation of its U.S.-based employees and business partners, has been damaged by the U.S. government's unproven allegations.

In her ruling, Kollar-Kotelly writes: "The United States government's networks and computer systems are extremely important strategic national assets. Threats to these systems are constantly expanding and evolving. Their security depends on the government's ability to act swiftly against perceived threats and to take preventive action to minimize vulnerabilities. These defensive actions may very well have adverse consequences for some third parties. But that does not make them unconstitutional."

In a statement reacting to the judge's ruling, the Russian company says: "Kaspersky Lab is disappointed with the court's decisions on its constitutional challenges to the U.S. government prohibitions on the use of its products and services by federal agencies. We will vigorously pursue our appeal rights."

Federal Actions Challenged

The lawsuits challenged the Department of Homeland Security's Binding Operational Directive 17-01, published in a Sept. 19 Federal Register notice, which required all federal government agencies to develop and begin implementing a plan to expunge all "information security products, solutions and services supplied directly or indirectly" by Kaspersky Lab or related entities from federal government systems (see Kaspersky Software Ordered Removed From US Government Computers).

In early May, Sen. Jeanne Shaheen, D-N.H., confirmed that Kaspersky Lab anti-virus software had been scrubbed from all federal government computer systems, NextGov reports.

When announcing the directive that bans Kaspersky Lab software from federal systems, officials voiced concerns that Kaspersky Lab has inappropriate ties to Russian intelligence and other government operations, that Russian law allows intelligence agencies to compel the company to assist them, and that Russian intelligence agencies might eavesdrop on or intercept information collected by the company.

Another concern: "Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems," DHS said in a statement.

Officials have also cited the fact that Eugene Kaspersky graduated from a cryptography institute run by the Soviet Union's KGB as cause for concern.

But Kaspersky and his firm have continued to deny any improper behavior, saying they would never help "any government in the world with its cyber espionage efforts."

And many security experts say that technically, all anti-virus software must have deep access to systems, and that politically, concerns about ties between intelligence agencies and domestic cybersecurity vendors could apply to vendors from any country (see Surveying 17 Anti-Virus Firms on Their Security Practice).

The Department of Homeland Security, in a statement, said it was pleased with the court's decision and "will continue to do everything in our power, working with federal agencies, to safeguard the government's information systems and networks," according to NextGov.

About the Author

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
